“Instead, if you conduct a web search and try to click on the resulting links you are taken to fake websites set up by the crooks.”

How Symantec and Microsoft took down Bamital

Merritt explained how takedowns of click fraud rings by security software players work. She said: “First, security companies like Symantec notice a particular form of malicious software in circulation. They create protection files, called definitions, to prevent their customers from getting infected.

“Then, they share that information with the rest of the security industry. In special circumstances, the malware operates at a significant level, infecting thousands, possibly millions of computers anywhere in the world. Money is lost or computer performance is impacted. People begin to notice their computer isn’t working properly or they are blocked from visiting intended websites. Law enforcement may get involved at any stage in this process.

“We’ve previously seen collaboration between security companies and law enforcement to stop cyber-criminals in their tracks. Often, the easiest approach is to determine the location of servers that are communicating with the malware and break the connection by redirecting that web traffic to law enforcement secured servers.”

In the case of Microsoft and Symantec, technicians working for both companies raided data centres in Virginia and New Jersey yesterday, accompanied by US federal marshals.

They seized control of one server in New Jersey and persuaded the operators of the Virginia data centre to take down a server at their parent company in the Netherlands.

The servers had been used to communicate with between 300,000 and 1m PCs infected with malware.